Chapter 8. Security

Access Lists / Extended IP Access Lists

Many types of access lists are available in Cisco IOS Software for many different protocols. Here is a complete list.


You are permitted one access list per protocol, per interface, per direction.

FIGURE 8-1 Access control lists


At the end of every access list is an implied "deny all traffic" access control entry (ACE). Therefore, if a packet does not match any of your criteria statements, it is blocked.

Remember that the order of access list statements is important! For example, if you ...

Get CCIE Routing and Switching Exam Quick Reference Sheets now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.